Welcome to our newest addition to the Hometown Bank family!

The combined United Community Bank and Hometown Bank team offer a sincere welcome to United Community Bank customers. We look forward to providing the exceptional service you are accustomed to along with opportunities to grow and prosper.

Business Security Center

Protecting you, your business and your cash assets is a top priority at Hometown Bank, but we can't do it alone. Just as you lock your doors and windows at night, your business must be protected from cyber thieves attempting to exploit weaknesses in your processes.

A new form of ‘Man-in-the-E-mail’ scam targeting businesses has been on the increase all over the U.S., including Wisconsin. This scam has been labelled "Business E-mail Compromise" or "BEC" by the FBI. Other known names for the scam include CEO Fraud, Spoofing the Boss and Spear Phishing. This scheme represents a new generation of cyber attacking that has been extremely successful as of late. By last count, the FBI estimates corporate losses have reached billions of dollars in the U.S.

The scam involves the impersonation of senior company officials by using social engineering to coerce unsuspecting employees to transfer money or sensitive data as a legitimate business purpose. The scam begins through the use of a compromised or spoofed email account of a high-level executive (CEO, CFO, etc.), business partner, or trusted supplier requesting what appears to be a legitimate financial transaction. The email request, if not verified by the business, could result in a fraudulent transaction that the business unknowingly approves for processing by their bank. Once the transaction is completed, the funds are quickly moved to another account by the criminal, leaving the business with little to no chance of recovering the funds. Other uses for the highly effective scam have been to obtain sensitive data from the targeted company, such as employee W2 or healthcare information. Once the criminals obtain this sensitive data, employees will likely become victims of identity theft.

As our valued business partners, we are asking you to become aware of such scams and to take time to learn the ways to mitigate the risks associated with them. The most important step is to implement an internal procedure to validate any financial or data transaction request no matter who it is received from within the company. The validation methods must not be via email. Instead, the validation should be in person or via a phone call to an already known and documented phone number of the requesting party. This is an important step that employees must take prior to submission of a wire or ACH transaction to a financial institution or before they send sensitive company information, even internally. To validate the request, the sending employee must confirm the transaction details including the receiving account number and dollar amount, as well as any other information deemed pertinent. Having this dual control step in place can go a long way toward saving a business from this type of scam.

What Else Can Be Done?

Electronics and computers not appropriately protected can become an open gateway for cyber criminals to perform malicious activity or access your systems, including your online accounts. Unfortunately, antivirus alone is not enough to protect you from malware that can give cyber criminals control of your computers. Below are basic tips to protect the computers at your business.

Number one tip from the FBI: Use a dedicated computer for your online banking sessions: Dedicating a PC to be used exclusively for online banking sessions will significantly mitigate the risk of your systems and user credentials being compromised. This dedicated PC should not be used for email, social media or web browsing.

Password Protection: Always use strong passwords as the first step of securing your online information. A strong password is difficult to detect by both humans and computer programs, effectively protecting data from unauthorized access. A strong password consists of at least six characters (the more characters, the stronger the password) that are a combination of letters, numbers and symbols (@, #, $, %, etc.) if allowed. Passwords are typically case-sensitive, so a strong password contains both uppercase and lowercase letters. Strong passwords also do not contain words that can be found in a dictionary or parts of the user's name. Do not share your password with anyone. Remember, our employees will never ask for your password.

Fraud Awareness: Fraudsters use official-looking emails (Phishing) and websites to trick you into revealing confidential financial information. The messages appear to be from trusted banks, retailers or other companies. Be suspicious of any email with urgent requests to “verify account information.” When in doubt, call the sender directly at a previously known phone number and validate the message. If you receive a suspicious email, do not click on any links or attachments, since they could contain malware. Just delete the email.

Your business online banking account has built-in security options you can use to protect and monitor your online activity. Don’t wait until your business is a victim of cyber fraud before you protect yourself.

Use Check Positive Pay on checking accounts that write checks. Check Positive Pay is an automated fraud detection tool offered by our treasury management services team. In its simplest form, it is a service that matches the account number, check number and dollar amount of each check presented for payment against a list of checks previously authorized and issued by the company. Your checks are verified before they are debited from your checking account.

Use ACH Positive Pay on account that have automatic ACH debits. ACH Positive Pay (ACH Alert) is an automated fraud detection tool provided by our treasury management services team. In its simplest form, it allows the account holder to make pay/no pay decisions for incoming ACH debits. This is a real-time ACH debit approval process ensuring only authorized ACH debits are posted to your accounts.

Use Post No Checks and/or ACH Debit Blocks for accounts that do not write checks or have no authorized ACH debiting transactions.

Review Account Activity. Review your online accounts for any transactions you did not initiate. Early detection may prevent large losses.

Implement dual controls. Requiring two individuals to execute transactions can prevent fraudulent activity even if one employee's computer is compromised.

Change your password at least every 45 days. Changing your password periodically reduces the chance of it being compromised.

Only use company computers. When accessing online business accounts, only use designated company computers that use the company network. Nonbusiness computers and networks are more likely to be infected with malware.

No one ever believes they or their business will become a victim of cyber fraud, but if it does happen, responding to it quickly is of the utmost importance. Below are ways to help your employees identify when they may be the victim of cyber fraud, or when you should consider contacting us for assistance. Be sure that all employees participating in online banking are aware of these tips.

Contact customer support if you experience any of the following scenarios:

You receive an email alert regarding a wire, ACH or bill pay transaction you did not initiate.

You receive an email alert regarding a change of password or email address you did not create.

The login screen looks different or has unusual fields or prompts.

You see unknown transactions or balance inconsistencies on your account.

You receive a message saying online banking is unavailable due to maintenance or another reason after you just logged in.

You log on to online banking and are immediately logged off, your account is locked for no apparent reason, or your computer freezes.

Hometown Bank provides online banking to its customers to add convenience for operating your business and to conduct financial transactions; however, we cannot assume liability for fraud on accounts as a result of malware and system vulnerabilities on our customers’ IT systems. Customers must take an active role to ensure adequate security controls are in place on their IT systems before accessing online banking to minimize risk.

Business customers are contractually obligated to maintain the security of their computers and must monitor their accounts. This means that you will be responsible for any fraudulent financial activity on your account if your computers, emails, electronics or accounts are compromised. Business customers who use their IT systems to house proprietary, financial or personnel information should employ an information security professional periodically to conduct a thorough review of their systems and security controls.

Please be aware that neither the FDIC nor Regulation E cover fraud losses for commercial customers. Hometown Bank recommends that all business owners discuss online fraud protection with their insurance carriers to ensure they are adequately protected in the event of a loss. As always, we have a dedicated treasury management staff well versed in payment fraud and what can be done to prevent it. Our team is available to you anytime for one-to-one consultations to help your business learn the risks and what can be done to safeguard your cash assets and sensitive data.

Contact us at 1-877-922-1790 during regular business hours. On weekends and holidays, call 1-800-554-8969.

This security information page is being provided as a courtesy to our clients. By publishing this information, Hometown Bank makes no claim whatsoever that the information is inclusive of all risks or solutions related to all possibilities of fraud.